The company’s system enables website owners, cloud service providers, and web service providers to detect, monitor, and restrict in real time third party code installed on a website or running on it. This makes it possible to improve security on the website and prevent information from getting into the wrong hands

It turns out that 85% of the break-ins on websites in recent years are reported to have taken place from within third party code. Israeli startup Source Defense offers a SaaS solution for website owners that enables them to protect themselves and their visitors against breaches, errors, and slowdowns liable to result from the use of this code.

A short pitch: What does the company do?

A: The system enables website owners, cloud service providers, and web service providers to detect, monitor, and restrict in real time third party code installed on a website or running on it. This makes it possible to improve security on the website, deny companies and hackers access to information about the visitor, prevent the theft of information from the website, change the user experience, etc.

A slightly more thorough explanation

A: Most of the world’s websites use third party code, which enriches the user experience on the website and makes it possible to add diverse capabilities to it, such as analytics, advertising, improvement of the surfer’s experience, and so forth. Over 42% of the readings on an average web page are of third party code, and most websites use 5-100 different third party service providers on their websites. The problem is that a website is unable to detect what third party code is doing, and there is currently no way of restricting it. This is because the code comes from “foreign” servers of third party companies, and is interpreted by the visitor’s browser without any transfer or monitoring on the website’s servers. The websites owners actually have no access to the code being used on the visitor’s browser. There have been more and more attacks on third party code providers, and from within them against the websites on which they are installed.

Source Defense can work with a third party code without the writers of the code having to make any adaptations. Source Defense’s founding concept says that we shouldn’t disturb the proper activity of the website or third party code. The third party code will be unaware that the service is being installed. Information that the website owners want to conceal from the code will be invisible to it.

On the other hand, the code is allowed to see and carry out what is necessary for its proper activity.

Source Defense’s Photo Credit: Source Defense

Q: How did you get the idea?

A: The three of us worked both in third party companies and on large content websites. This problem appeared again and again, with no solution being available. At a certain stage, I (Hadar Blutrich) thought about a possible solution to the problem, and realized that our common experience could make us an ideal team for developing the solution.

Q: What stage have you reached?

A: The product is in development, and will be put into a beta trial in an open environment (production) this December. It is designed for anyone who owns a website on which third party code is used.

Q: Who are your competitors?

A: There are two commercial products (“The Media Trust” and “Geo Edge”) capable of detecting some of the break-ins originating in third party code. These products scan the website from various places around the world, and try to detect the break-ins and issue warnings. What we’re offering is different. We’re on the website whenever a visitor enters it. We detect and prevent attacks in real time.

There are also several open code projects trying to solve the problem. The best known is Caja (also Israeli). The significant difference is that in contrast to these projects, Source Defense can work opposite third party code without the writers of the code having to make adaptations in order to work with it.

Q: How do you plan to make money?

A: The business model is CPM, taking micro payments for each 1,000 web pages we scan.

Q: Have you already received investments? How many? Who invested?

A: The company works in the JVP Cyber Labs technology incubator in Beer Sheva. We have raised $1.1 million to date in a combined investment by the Chief Scientist’s fund.

A: The company currently has five employees (the three founders and two paid employees). We are located in the JVP Cyber Labs incubator.

Check out Source Defense’s solution in just two minutes

Source Defense is taking part in the Startup Arena, Geektime’s startup competition taking place for the ninth consecutive year in the framework of the Geektime Conference. Past participants include companies such as Kaltura, Cyactive, and SalesPredict, among others. The 2016 Startup Arena competition this year is sponsored by Altshuler Shaham Benefits.